Database passwords

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Database passwords

Post by Luke »

When I connect to a mysql database, I always just put the user and password in a php file, and include that file for any page I connect on... so here is the user and password file...
dbvars.php:

Code: Select all

<?php
$dbhost = "localhost";
$GLOBALS['dbhost'] = $dbhost;

$dbuser = "username";
$GLOBALS['dbuser'] = $dbuser;

$dbpass = "password";
$GLOBALS['dbpass'] = $dbpass;
?>
And here is the file I include it in:
database.php

Code: Select all

<?php
include("dbvars.php");
if(mysqlconnect($GLOBALS['dbhost'], $GLOBALS['dbuser'], $GLOBALS['dbpass'])){
    //Do whatever with the connection.
}
?>
Is there a better or more secure way to do this? I know storing my database password in a php file isn't very secure, how do you all do it?
Last edited by Luke on Mon Oct 10, 2005 12:18 pm, edited 1 time in total.
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

i tend to make all of m connections i need on one page and inclde that page at the top of every page i need it on without using global variables :-/
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

What do you mean?
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

dbconnect.php

Code: Select all

$db="host";
$user='user';
$pass='pass';
mysql_connect($db,$user,$pass);
make some database connections..
any page i need to manipulate database info.php :-D

Code: Select all

include("dbconnect.php");
tada
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

So you basically do what I do... isn't that a security issue having the database password included in your file?
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

there's a difference. i don't use global variables..i don't like em:-/ and not really. i've NEVER seen it done any way else.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

One armed space goat wrote:So you basically do what I do... isn't that a security issue having the database password included in your file?
Depends, are you on a shared host? If you arn't then no one will be able to access your files.
Don't get me wrong, shared hosts can be configured (properly) to prevent this.. depends on your host.

Secondly, reguarding your use of GLOBALS, they are generally bad to use. Why don't you simply move your mysql_connect into your include file and eliminate the globals all together?

3000th post :twisted:
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

alrighty.
User avatar
Skara
Forum Regular
Posts: 703
Joined: Sat Mar 12, 2005 7:13 pm
Location: US

Post by Skara »

Things like that work better (for me) if I define them rather than set them as variables. Variables are meant to be changed--which is why they're called vary-ables. :P

Code: Select all

define('MYSQL_USER','username');
echo MYSQL_USER;
;)
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Skara wrote:Things like that work better (for me) if I define them rather than set them as variables. Variables are meant to be changed--which is why they're called vary-ables. :P

Code: Select all

define('MYSQL_USER','username');
echo MYSQL_USER;
;)
Cool, I forgot all about defining... I'll have to use that. Thanks :)
Post Reply